The University of Lethbridge says an Excel document with personal information of 1,225 patients at its health centre was inadvertently shared with a student.
The document that was the subject of a privacy breach included names, dates of birth, personal health numbers, genders and a list of family physicians whom patients had seen since 2015.
The U of L said the breach happened on June 23 when an email that was intended to be sent from one health centre employee to another was inadvertently sent to a U of L student email address.
The university became aware of the error a day after the email was sent. The health centre immediately contacted the office of the information and privacy commissioner to determine next steps and to begin its investigation into the breach.
The university declined to comment on camera but issued a statement on the breach.
“There is no indication the student opened, saved or forwarded the attachment and the email was deleted from the system by the university’s information technology department,” the statement reads.
“Despite the fact this email was sent to only one student, personal information may have been compromised”.
In a letter obtained by Global News that was sent to students and staff on Monday, lead physician Dr. Terri Kremenik said the IT department was contacted and could confirm the student did open the email, which was marked as “read” and had not been deleted from the inbox.
Kremenik also said the health centre had tried contacting the student several times to request they delete the email but had not received a response.
The U of L said the health centre’s protocols for handling personal information have been thoroughly reviewed and communication policies and privacy protocols have been reinforced with all staff members.